ShareCenter:

Fix authorization checking for various share types. Make sure to register the REQUIRES_INDEXATION flag on syncable shared workspaces to trigger indexation at first changes API call (should fix #913)
pydio · Jun 16, 2015 · b5f0b32 · b5f0b32
1 parent 99a718a
commit b5f0b32
Showing 1 changed file with 41 additions and 6 deletions.
diff --git a/core/src/plugins/action.share/class.ShareCenter.php b/core/src/plugins/action.share/class.ShareCenter.php
@@ -80,13 +80,13 @@ protected function parseSpecificContributions(&$contribNode)
                 // All share- actions
                 $xpathesToRemove[] = 'action[contains(@name, "share-")]';
             }else{
-                $folderSharingMode = $this->pluginConf["ENABLE_FOLDER_SHARING"];
-                $fileSharingAllowed = $this->pluginConf["ENABLE_FILE_PUBLIC_LINK"];
+                $folderSharingAllowed = $this->getAuthorization("folder", "any"); // $this->pluginConf["ENABLE_FOLDER_SHARING"];
+                $fileSharingAllowed = $this->getAuthorization("file"); //$this->pluginConf["ENABLE_FILE_PUBLIC_LINK"];
                 if($fileSharingAllowed === false){
                     // Share file button
                     $xpathesToRemove[] = 'action[@name="share-file-minisite"]';
                 }
-                if($folderSharingMode == 'disable'){
+                if(!$folderSharingAllowed){
                     // Share folder button
                     $xpathesToRemove[] = 'action[@name="share-folder-minisite-public"]';
                 }
@@ -116,6 +116,21 @@ public function init($options)
         }
     }
 
+    protected function getAuthorization($nodeType, $shareType = "any"){
+        if($nodeType == "file"){
+            return $this->getFilteredOption("ENABLE_FILE_PUBLIC_LINK") !== false;
+        }else{
+            $opt = $this->getFilteredOption("ENABLE_FOLDER_SHARING");
+            if($shareType == "minisite"){
+                return ($opt == "minisite" || $opt == "both");
+            }else if($shareType == "workspace"){
+                return ($opt == "workspace" || $opt == "both");
+            }else{
+                return ($opt !== "disabled");
+            }
+        }
+    }
+
     /**
      * @return ShareCenter
      */
@@ -219,6 +234,11 @@ public function switchAction($action, $httpVars, $fileVars)
 
                 if ($subAction == "delegate_repo") {
                     header("Content-type:text/plain");
+                    $auth = $this->getAuthorization("folder", "workspace");
+                    if(!$auth){
+                        print 103;
+                        break;
+                    }
                     $result = $this->createSharedRepository($httpVars, $this->repository, $this->accessDriver);
                     if (is_a($result, "Repository")) {
                         $newMeta = array("id" => $result->getUniqueId(), "type" => "repository");
@@ -1601,8 +1621,18 @@ public function createSharedMinisite($httpVars, $repository, $accessDriver)
             }else{
                 $setFilter = true;
             }
+            $nodes = $userSelection->buildNodes($this->accessDriver);
+            $hasDir = false; $hasFile = false;
+            foreach($nodes as $n){
+                $n->loadNodeInfo();
+                if($n->isLeaf()) $hasFile = true;
+                else $hasDir = true;
+            }
+            if( ( $hasDir && !$this->getAuthorization("folder", "minisite") ) || ($hasFile && !$this->getAuthorization("file"))){
+                return 103;
+            }
             if($setFilter){
-                $httpVars["filter_nodes"] = $userSelection->buildNodes($this->accessDriver);
+                $httpVars["filter_nodes"] = $nodes;
             }
             if(!isSet($httpVars["repo_label"])){
                 $first = $userSelection->getUniqueNode($this->accessDriver);
@@ -1739,10 +1769,15 @@ public function createSharedRepository($httpVars, $repository, $accessDriver, $u
         if (!isSet($httpVars["repo_label"]) || $httpVars["repo_label"] == "") {
             return 100;
         }
+        /*
+        // FILE IS ALWAYS THE PARENT FOLDER SO WE NOW CHECK FOLDER_SHARING AT A HIGHER LEVEL
+        $file = AJXP_Utils::decodeSecureMagic($httpVars["file"]);
         $foldersharing = $this->getFilteredOption("ENABLE_FOLDER_SHARING", $this->repository->getId());
-        if (isset($foldersharing) && ($foldersharing === false || (is_string($foldersharing) && $foldersharing == "disable"))) {
+        $foldersharingDisabled = isset($foldersharing) && ($foldersharing === false || (is_string($foldersharing) && $foldersharing == "disable"));
+        if (is_dir($this->urlBase.$file) && $foldersharingDisabled) {
             return 103;
         }
+        */
         $loggedUser = AuthService::getLoggedUser();
         $actRights = $loggedUser->mergedRole->listActionsStatesFor($repository);
         if (isSet($actRights["share"]) && $actRights["share"] === false) {
@@ -1883,7 +1918,7 @@ public function createSharedRepository($httpVars, $repository, $accessDriver, $u
                     if (isSet($data["USE_SESSION_CREDENTIALS"]) && $data["USE_SESSION_CREDENTIALS"] === true) {
                         $options["META_SOURCES"][$index]["ENCODED_CREDENTIALS"] = AJXP_Safe::getEncodedCredentialString();
                     }
-                    if($index == "meta.syncable" && $data["REPO_SYNCABLE"] === true ){
+                    if($index == "meta.syncable" && (!isSet($data["REPO_SYNCABLE"]) || $data["REPO_SYNCABLE"] === true )){
                         $data["REQUIRES_INDEXATION"] = true;
                     }
                 }